CVE-2013-1068

Priority

Medium

Description

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 andOpenstack Cinder (python-cinder) package 1:2013.2.3-0 before1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu13.10 and 14.04 LTS does not properly set the sudo configuration, whichmakes it easier for attackers to gain privileges by leveraging anothervulnerability.

jdstrand> only affects Folsom (Ubuntu 12.10) and higher. Essex did not have rootwrap.confjdstrand> see CVE-2013-6433jdstrand> medium because while this is a privilege escalation, it requires another vulnerability to exploit